The present invention is directed to computer technology. More particularly, the invention provides systems and methods for information processing. Merely by way of example, the invention has been applied to rules related to information processing. But it would be recognized that the invention has a much broader range of applicability.
Conventionally, a client terminal of security software is often installed on a personal computer. When a user uses the client terminal to scan for and remove viruses, the client terminal can often work with a server to actively or passively scan data on the personal computer, and thus ensure the security of the personal computer.
In a conventional cloud scan method, the client terminal of the security software may scan certain contents on the personal computer according to a set of predetermined validation rules and obtain scanning information, which is then uploaded to the server. The scanned contents may include certain files and/or scanning points that may present system security risks. The files that may present system security risks usually include executable files or DLL files, and the related validation rules are often based on calculating MD5 hash values of these files. The scanning points usually include marker positions or entry positions set by the security software, such as the Start menu, system startup items, IE loading information, etc., and the related validation rules are often based on obtaining or calculating the configuration information of the scanning points.
Scanning rules are often stored on the server and define the relationship between the scanning information and corresponding recommended operations. The server may compare the scanning information and predetermined validation information. If the scanning information and the predetermined validation information do not match, the recommended operations corresponding to the scanning information may be returned based on certain predetermined scanning rules. The user of the client terminal may take actions based on the recommended operations.
However, conventionally, the scanning rules are often predetermined based on a small range of testing data obtained by one or more data-scanning service providers, and updated periodically on the server based on information associated with recently discovered viruses or Trojan horses. Such scanning rules may not be suitable for application environments of different user groups. In addition, such scanning rules may not be adapted in a timely manner for newly created files or scanning points, which often results in a high rate of false alarms and reduces data security.
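The conventional flow described above, as an added Python sketch that is not code from this document: the client hashes executables and DLLs, the server compares the upload with its validation information, and a benign file newer than the rule set still comes back flagged. Modelling validation information as a set of known MD5 values, the function names and the `manual_review` default are all assumptions.

```python
import hashlib
import os
import tempfile

SCANNED_EXTENSIONS = {".exe", ".dll"}  # file types the text names as scan targets

def md5_of_file(path):
    """MD5 of a file, read in chunks (MD5 only because the described rules use it)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def client_scan(root):
    """Client side: build the scanning information {relative path: MD5} to upload."""
    info = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in SCANNED_EXTENSIONS:
                full = os.path.join(dirpath, name)
                info[os.path.relpath(full, root)] = md5_of_file(full)
    return info

def server_evaluate(scan_info, validation_info, scanning_rules):
    """Server side: a match passes; a mismatch gets its rule's operation or a default."""
    result = {}
    for path, md5 in scan_info.items():
        if md5 not in validation_info:
            # "manual_review" is a hypothetical default for files no rule covers
            result[path] = scanning_rules.get(md5, "manual_review")
    return result

def demo():
    samples = {  # constructed placeholder contents, not real binaries
        "known.dll": b"constructed known-good content",
        "flagged.exe": b"constructed content covered by a rule",
        "new_tool.exe": b"constructed benign file created after the last rule update",
        "notes.txt": b"not an executable, so never scanned",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        validation_info = {hashlib.md5(samples["known.dll"]).hexdigest()}
        scanning_rules = {hashlib.md5(samples["flagged.exe"]).hexdigest(): "quarantine"}
        return server_evaluate(client_scan(root), validation_info, scanning_rules)
```

Calling `demo()` shows `new_tool.exe` flagged alongside `flagged.exe`, even though only the latter has a rule: the false-alarm case that stale rules produce.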
Hence it is highly desirable to improve the techniques for updating scanning rules.